Uber Fined Record $324 Million In Netherlands For Transferring Sensitive EU Driver Data To U.S.

 

Uber Agrees To Pay 70,000 UK Drivers A Minimum Wage, Holiday Pay And Pensions

The Dutch privacy regulator has ordered Uber to pay a fine of nearly $325 million.

Dutch privacy regulators hit Uber with a record $324 million (€290 million) fine Monday for violating the European Union’s data protection laws by transferring sensitive personal data of its drivers to the U.S. without adequate safeguards.


Key Facts

The Dutch Data Protection Authority said its investigation found Uber had transferred the personal data of European cab drivers—including taxi licenses, IDs, location data, photos, payment details, and “in some cases even criminal and medical records,” to the U.S.

The agency said Uber transferred this data to the U.S. for over two years without proper transfer tools designed to protect user privacy—in violation of the EU’s General Data Protection Regulation (GDPR).

Uber ended this violation and has implemented the proper safeguards since late last year, the Dutch DPA said.

According to Bloomberg, the $324 million penalty is the biggest issued by the Dutch DPA and the biggest fine Uber has faced globally.

Forbes has reached out to Uber for comment, but the company told Bloomberg the fine is “completely unjustified,” claiming it was compliant with the laws and will file an appeal.

Crucial Quote

“In Europe, the GDPR protects people's fundamental rights by requiring companies and governments to handle personal data with care. But outside Europe, this is unfortunately not the case…This is why companies are usually obliged to take extra measures if they store personal data of Europeans outside the European Union,” Dutch DPA Chair Aleid Wolfsen said, adding Uber’s violation was “very serious.”

Key Background

Earlier this year, the Dutch DPA fined Uber $11 million (€10 million) for how it handled the retention of drivers’ personal data. The agency found Uber had not properly laid out terms and conditions for how long it retains driver personal data. The DPA also found Uber’s process for allowing drivers to make personal data access requests “unnecessarily complicated.” Both the previous fine and the latest one stem from an investigation launched by the Dutch agency in response to a complaint filed by 170 French drivers with the country’s privacy regulator. The investigation was handed over to the Dutch DPA, since Uber’s EU operations are headquartered in the Netherlands. Under the EU’s GDPR laws, violating companies can be fined up to 4% of their annual global revenue.

Comments

Popular posts from this blog

Characters In BBC’s Documentary On TB Joshua Unknown To Us – Synagogue Church

NBA Suspends Canada’s Joshua Primo For 4 Games For Exposing Himself To Women

Sky Sports' On-Air Mix-Up: Chelsea Players Mistakenly Introduced as Axel Disasi Instead of Noni Madueke in Carabao Cup Semifinal